wip using btrfs send for sync
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 errcatch
17
18 set -x
19
20 exec &> >(sudo tee -a /var/log/distro-end)
21 echo "$0: $(date): starting now)"
22
23 src="${BASH_SOURCE%/*}"
24
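# Append everything read from stdin to the global end_msg_var, so notes can
# be collected during the run (the script later passes end_msg_var to `e`).
# Globals:   end_msg_var (appended to)
# Arguments: none; the message comes from stdin, normally a here-doc
end_msg() {
  # The stray "=" that preceded this declaration made the shell try to run a
  # command named "=", so y was never declared local.
  local y
  # -d '' makes read consume all of stdin; it returns non-zero when it hits
  # EOF without seeing a NUL byte, hence the "||:".
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}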
30
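# Simple package add: queue package names for the next batch install
# (the script installs the queue with: pi "${simple_packages[@]}").
# Globals:   simple_packages (array, appended to)
# Arguments: one or more package names
spa() {
  # "$@" keeps each argument as exactly one array element; the unquoted form
  # re-splits arguments and expands glob characters against the current
  # directory before they reach the package manager.
  simple_packages+=("$@")
}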
34
35 distro=$(distro-name)
36
37 pending_reboot=false
38
39 # template
40 case $distro in
41 esac
42
43 pup
44
45 simple_packages=(
46 htop
47 mailutils
48 nmon
49 rdiff-backup
50 ruby
51 ruby-rest-client
52 tree
53 vim
54 )
55
56 case $HOSTNAME in
57 lj|li) : ;;
58 *)
59 # universal packages
60 # swh-plugins is for karaoke pulsaudio filter.
61 simple_packages+=(
62 apache2
63 bwm-ng
64 chromium
65 duplicity
66 evince
67 fdupes
68 filelight
69 gdb
70 goaccess
71 gnome-screenshot
72 jq
73 locate
74 meld
75 nmap
76 offlineimap
77 p7zip
78 paprefs
79 pavucontrol
80 pdfgrep
81 pianobar
82 pidgin
83 slock
84 squashfs-tools
85 swh-plugins
86 tcpdump
87 transmission-remote-gtk
88 vlc
89 )
90 ;;
91 esac
92
93
94
95 ########### begin section including li ################
96
97
98 case $distro in
99 debian)
100 if [[ `debian-archive` == testing ]]; then
101 pi acme-tiny
102 fi
103 esac
104
105 case $distro in
106 fedora) spa unrar ;;
107 *) spa unrar-free ;;
108 esac
109
110
111 case $distro in
112 arch)
113 # ubuntu 14.04 uses b-cron,
114 # but its not maintained in arch.
115 # of the ones in the main repos, cronie is only one maintained.
116 # fcron appears abandoned software.
117 pi cronie
118 sgo cronie
119 ;;
120 *) : ;; # other distros come with cron.
121 esac
122
123
124 case $distro in
125 debian|ubuntu)
126 pi debian-goodies
127 ;;
128 esac
129
130
131 case $distro in
132 *) pi at ;;&
133 arch) sgo atd ;;
134 esac
135
136
137 case $distro in
138 debian) pi curl;;
139 arch) : ;;
140 # fedora: unknown
141 esac
142
143 case $distro in
144 # tk for gitk
145 arch) spa git tk ;;
146 *) spa git ;;
147 esac
148
149 case $distro in
150 arch) spa the_silver_searcher ;;
151 debian|ubuntu) spa silversearcher-ag ;;
152 # fedora unknown
153 esac
154
155 case $distro in
156 debian|ubuntu) spa ntp;;
157 arch)
158 pi ntp
159 sgo ntpd
160 ;;
161 # others unknown
162 esac
163
164
165 # no equivalent in other distros:
166 case $distro in
167 debian|ubuntu)
168 pi apt-file aptitude
169 s apt-file update
170 # for debconf-get-selections
171 spa debconf-utils
172 ;;
173 esac
174
175 case $distro in
176 ubuntu|debian) spa ack-grep ;;
177 arch|fedora) spa ack ;;
178 # fedora unknown
179 esac
180
181 case $distro in
182 arch|debian|ubuntu)
183 spa bash-completion
184 ;;
185 # others unknown
186 esac
187
188
189
190
191
192 # disable motd junk.
193 case $(distro-name) in
194 debian)
195 # allows me to pipe with ssh -t, and gets rid of spam
196 # http://forums.debian.net/viewtopic.php?f=5&t=85822
197 # i'd rather disable the service than comment the init file
198 # this says disabling the service, it will still get restarted
199 # but this script doesn't do anything on restart, so it should be fine
200 s dd of=/var/run/motd.dynamic if=/dev/null
201 # stretch doesn't have initscripts pkg installed by default
202 if [[ $(debian-codename) == jessie ]]; then
203 s update-rc.d motd disable
204 fi
205 ;;
206 ubuntu)
207 # this isn't a complete solution. It still shows me when updates are available,
208 # but it's no big deal.
209 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
210 ;;
211 esac
212
213 # automatic updates
214 # reference:
215 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
216 # /etc/cron.daily/apt calls unattended-upgrades
217 # /usr/share/doc/unattended-upgrades# cat README.md
218 # /etc/apt/apt.conf.d/50unattended-upgrades
219 if isdebian; then
220 setup-debian-auto-update
221 fi
222
223 # we've got a few dependencies later on, so install them now.
224 pi "${simple_packages[@]}"
225 simple_packages=()
226
227 case $HOSTNAME in
228 lj|li)
229
230 case $HOSTNAME in
231 lj) domain=iank.bid ;;
232 li) domain=iankelling.org ;;
233 esac
234 /a/h/setup.sh $domain
235 /a/h/build.rb
236
237 sudo -E /a/bin/mediawiki-setup/mw-setup-script
238 #$src/phab-setup
239
240 echo "$0: $(date): ending now)"
241 exit 0
242 ;;
243 esac
244
245 ########### end section including li/lj ###############
246
247
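# Build and install duperemove from the local checkout, on frodo only.
if [[ $HOSTNAME == frodo ]]; then
  case $distro in
    # The pattern was misspelled "ubunut", so this branch never ran on ubuntu.
    ubuntu|debian)
      pi libsqlite3-dev
      # Note: this changes the working directory for the rest of the script.
      cd /a/opt/duperemove
      make clean
      make
      # Only the install step runs through s; the build itself runs as the
      # invoking user.
      s make install
      ;;
    #others unknown
  esac
fi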
260
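# Install syncthing; on debian/ubuntu that means adding the upstream apt repo.
case $distro in
  arch) pi syncthing ;;
  ubuntu|debian)
    # google led me here:
    # https://apt.syncthing.net/
    # NOTE(review): whatever this URL returns becomes a trusted apt signing
    # key; nothing here compares it with a known fingerprint. TLS to
    # syncthing.net is the only check. Consider verifying the fingerprint
    # before adding it. apt-key is also deprecated on current Debian/Ubuntu
    # in favour of per-repository keyrings.
    curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
    s="deb http://apt.syncthing.net/ syncthing release"
    # Quote the right-hand side so it is compared literally rather than as a
    # glob pattern, and keep cat quiet on the first run, when the list file
    # does not exist yet (empty output still counts as "different").
    if [[ $(cat /etc/apt/sources.list.d/syncthing.list 2>/dev/null) != "$s" ]]; then
      echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
      p update
    fi
    pi syncthing
    ;;
esac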
275 # installed via f-droid
276 # top right, actions, device id
277 #
278 # for installing on a remote comp:
279 # ssh -L 8384:localhost:8384 -N frodo
280 # went to http://localhost:8384/
281 #
282 # add folder to sync phone,
283 # staggered file versioning would be my normal choice, but choose
284 # trash can versioning for sake of space on phone, with
285 # clean out after 7 days.
286 #
287 # did:
288 # ser start syncthing@ian
289 # then on phone, add device, hit bar code icon,
290 # install bar code scanner.
291
292
293 # no equivalent in other distros:
294 case $distro in
295 debian|ubuntu)
296 # for gui bug reporting
297 spa python-vte
298 ;;
299 esac
300
301
302 ####### misc packages ###########
303
304
# transmission daemon setup, treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # One-time manual step, which is persistent:
      #   cd /i/k
      #   s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      #   'Failed to set receive buffer: requested 4194304, got 425984'
      # and google suggests giving it even more than that.
      tu /etc/sysctl.conf <<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # For some reason it doesn't seem to start automatically anyway.
      pi-nostart transmission-daemon
      # The config file is documented here; daemon and client share the same
      # format, so the gui documents it too.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # NOTE(review): with rpc-authentication-required set to false, any host
      # matching rpc-whitelist (localhost and 192.168.1.*) can drive the
      # daemon without credentials, including choosing download locations.
      # Confirm every device on that subnet is trusted, or turn
      # authentication on.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist' => '127.0.0.1,192.168.1.*',
'rpc-authentication-required' => false,
'incomplete-dir' => '/i/k/partial-torrents',
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 700,
"speed-limit-up-enabled" => true,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => true,
})) + "\n")
EOF
      sgo transmission-daemon
      ;;
    arch)
      # todo: set up its config file & daemon
      pi transmission-cli
      ;;
  esac
fi
348
349 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
350 if ! getent passwd debian-transmission > /dev/null; then
351 case $distro in
352 arch)
353 s useradd \
354 --system \
355 --create-home \
356 --home-dir /var/lib/transmission-daemon \
357 --shell /bin/false \
358 debian-transmission
359 ;;
360 *)
361 s adduser --quiet \
362 --system \
363 --group \
364 --no-create-home \
365 --disabled-password \
366 --home /var/lib/transmission-daemon \
367 debian-transmission
368 ;;
369 esac
370 fi
371
372 # dunno why it's there, but get rid of it
373 case $HOSTNAME in
374 li|lj) s rm -rf /home/linode ;;
375 esac
376
377 # arch had a default config,
378 # debian had nothing until you start it.
379 # With a little trial an error, here is a minimal config
380 # taken from the generated one, plus changes that the
381 # settings ui does, without a bunch of ui crap settings.
382 #
383 # only settings I set were
384 # hostname
385 # auto-connect
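# Write a minimal transmission-remote-gtk profile into every home directory.
# The files are created through "s -u <user>", i.e. as the owning user rather
# than as root, so root never writes into a user-controlled directory.
for f in /home/*; do
  # An unmatched glob stays literal, and /home can hold non-directories.
  [[ -d $f ]] || continue
  d=$f/.config/transmission-remote-gtk
  # The directory name is assumed to be the account name.
  u=${f##*/}
  # Quoted so names with whitespace or glob characters stay one argument.
  s -u "$u" mkdir -p "$d"
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done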
420
421 case $distro in
422 debian|ubuntu)
423 pi-nostart openvpn
424 # pi-nostart this doesnt seem to be good enough?
425 ser disable openvpn@client
426 ser disable openvpn
427 ;;
428 # suggests because we want the resolvconf package
429 *) pi --install-suggests openvpn;;
430 esac
431
432 pi wget
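# Install google chrome on tp and frodo.
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): dpkg -i does not verify any signature on the .deb, so
        # the TLS connection to dl.google.com is the only authenticity check
        # on a package that is installed as root.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is expected to fail when dependencies are missing, so error
        # trapping is suspended around it and the status checked by hand.
        errallow
        # pipefail makes $? reflect dpkg rather than tee. It stays enabled
        # for the rest of the script, as before.
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        case $code in
          0) rm -f -- "$log" ;;
          *)
            # previously I had a more specific search, but dpkg
            # changed its output as of 7/2016
            if grep -q 'dependency problems' "$log"; then
              rm -f -- "$log"
              s apt-get -fy install
            else
              # The temp file used to be left behind on every path; dpkg's
              # output was already copied to stdout by tee.
              rm -f -- "$log"
              exit 1
            fi
            ;;
        esac
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac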
465
466 # printer
467 case $distro in
468 arch)
469 pi cups ghostscript gsfonts # from arch wiki cups page
470 pi hplip # from google
471 s gpasswd -a $USER sys # from arch wiki
472 sgo org.cups.cupsd.service
473 # goto http://127.0.0.1:631
474 # administration tab, add new printer button.
475 # In debian, I could use hte recommended driver,
476 # in arch, I had to pick out the 6L driver.
477 ;;
478 debian|ubuntu)
479 spa hplip
480 ;;
481 # other distros unknown
482 esac
483
484
485 case $distro in
486 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
487 fedora|arch) spa mairix notmuch ;;
488 esac
489 case $distro in
490 arch) spa nfs-utils ;;
491 ubuntu|debian) spa nfs-client ;;
492 esac
493 case $distro in
494 ubuntu|debian) spa par2 ;;
495 arch|fedora) spa par2cmdline ;;
496 esac
497
498 # needed for my tex resume
499 case $distro in
500 ubuntu|debian) spa texlive-full ;;
501 arch) spa texlive-most ;;
502 # fedora unknown
503 esac
504
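# Codecs and other restricted extras.
case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    # NOTE(review): --nogpgcheck turns off signature verification for these
    # two release packages, and they install the repo definitions and signing
    # keys that every later rpmfusion package is checked against. The URLs
    # are https so the transport is at least authenticated; importing the
    # RPM Fusion keys first and dropping --nogpgcheck would be stronger.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    # Whitespace before the continuation backslash keeps gstreamer-ffmpeg and
    # xine-lib-extras-freeworld as two separate package names.
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac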
519
520 case $distro in
521 # optional dep for firefox for h.264 video
522 arch) spa gst-libav ;;
523 # other distros, probably come by default
524 esac
525
526 case $distro in
527 fedora|ubuntu|debian) spa gnupg-agent ;;
528 arch) : ;;
529 esac
530
531
532 case $distro in
533 fedora) spa pinentry-gtk ;;
534 *) : ;; # comes default or with other packages
535 esac
536
537 case $distro in
538 arch) spa firefox pulseaudio;;
539 *) : ;; # comes default or with other packages
540 esac
541
542
543 case $distro in
544 arch) spa ttf-dejavu;;
545 debian|ubuntu) spa fonts-dejavu ;;
546 # others unknown
547 esac
548
549
550 case $distro in
551 arch) spa xorg-xev;;
552 debian|ubuntu) spa x11-utils ;;
553 # others unknown
554 esac
555
556 case $distro in
557 arch) pi virt-install;;&
558 debian|ubuntu) pi virtinst ;;&
559 *) pi virt-manager ;; # creates the libvirt group in debian at least
560 # others unknown
561 esac
562 # allow user to run vms, from debian handbook
563 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
564 # bridge networking as user fails. google lead here, but it doesn't work:
565 # oh well, I give up.
566 # http://wiki.qemu.org/Features-Done/HelperNetworking
567 # s mkdir /etc/qemu
568 # f=/etc/qemu/bridge.conf
569 # s dd of=$f <<'EOF'
570 # allow br0
571 # EOF
572 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
573 # s chmod 640 $f
574
575
576 case $distro in
577 arch) spa cdrkit;;
578 debian|ubuntu) spa genisoimage;;
579 # others unknown
580 esac
581
582 case $distro in
583 arch) spa spice-gtk3 ;;
584 debian|ubuntu) spa spice-client-gtk;;
585 # others unknown
586 esac
587
588 # general known for debian/ubuntu, not for fedora
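# Arch-only virtualization packages and libvirt configuration.
case $distro in
  arch)
    # cdrkit for cloud-init isos
    # dnsmasq & ebtables for nat networking in libvirt
    # qemu for qemu-img, bind-tools for dig
    # dmidecode just because syslog complains
    #
    # Whitespace before the continuation backslash keeps ebtables and
    # bridge-utils as two separate package names.
    pi unzip xorg-xmodmap dmidecode ebtables \
      bridge-utils dnsmasq qemu bind-tools
    # otherwise we get an error about accessing the kvm module.
    # seems like there might be a better way, but google was a bit vague.
    # NOTE(review): user = "root" makes libvirt run QEMU processes as root,
    # so a bug in the emulator that a guest can reach is exposed with full
    # host privileges. Granting the unprivileged qemu user access to /dev/kvm
    # (e.g. through the kvm group) is the usual alternative; confirm whether
    # that resolves the original error.
    s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
    echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
    # https://bbs.archlinux.org/viewtopic.php?id=206206
    # # this should prolly go in the wiki
    sgo virtlogd.socket
    # guessing this is not needed
    #sgo virtlogd.service
    sgo libvirtd
    ;;
esac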
610
611 case $distro in
612 arch) pi virtviewer ;;
613 *) : ;; # other distros have it as a dependency afaik.
614 esac
615
616
617
618 case $distro in
619 fedora) cabal install shellcheck ;;
620 *) spa shellcheck ;;
621 # unknown for older ubuntu
622 esac
623
624
625 case $distro in
626 arch|debian|ubuntu) spa pumpa ;;
627 # others unknown. do have a buildscript:
628 # /a/bin/buildscripts/pumpa ;;
629 esac
630
631
632 case $distro in
633 debian|ubuntu) spa android-tools-adb/unstable ;;
634 arch) spa android-tools ;;
635 # other distros unknown
636 esac
637
638 case $distro in
639 debian)
640 if [[ `debian-archive` == testing ]]; then
641 # has no unstable dependencies
642 spa bitcoin-qt/unstable
643 fi
644 ;;
645 # other distros unknown
646 esac
647
648
649 # proprietary flash. going without for now
650 # case $distro in
651 # debian)
652 # pi flashplugin-nonfree
653 # esac
654
655
656
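# GNU global plus pygments (for ggtags).
case $distro in
  fedora)
    # Quoted so a temp dir path containing whitespace (unusual TMPDIR) is not
    # split into several arguments.
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http with no checksum or
    # signature check, and is then configured, built and installed as root.
    # Anyone able to tamper with the connection controls what gets installed.
    # Verify the download against a published checksum or signature before
    # building, or fetch it over an authenticated channel.
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    # ;;& keeps testing the patterns below, so arch/debian/ubuntu also get
    # their pygments package.
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac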
679
680
681 case $distro in
682 debian)
683 pi task-cinnamon-desktop
684 # in settings, change scrolling to two-finger,
685 # because the default edge scroll doesn\'t work.
686 pu transmission-gtk
687 ;;
688 # others unknown
689 esac
690
691 case $distro in
692 arch) spa apg ;;
693
694 # already in debian jessie
695 esac
696
697
698
699
700 # note this failed running at the beginning of this file,
701 # because no systemd user instance was running.
702 # Doing systemd --user resulted in
703 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
704
705 if isdebian-testing; then
706 # as of 7/2016, has no unstable deps, and is not in testing anymore.
707 pi synergy/unstable
708 else
709 pi synergy
710 fi
711
712 case $distro in
713 # ubuntu unknown. probably the same as debian, just check if the
714 # init scripts come with the package.
715 debian)
716 # copied from arch, but moved to etc
717 s dd of=/etc/systemd/user/synergys.service <<'EOF'
718 [Unit]
719 Description=Synergy Server Daemon
720 After=network.target
721
722 [Service]
723 User=%i
724 ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
725 Restart=on-failure
726
727 [Install]
728 WantedBy=multi-user.target
729 EOF
730 s dd of=/etc/systemd/user/synergys.socket <<'EOF'
731 [Unit]
732 Conflicts=synergys@.service
733
734 [Socket]
735 ListenStream=24800
736 Accept=false
737
738 [Install]
739 WantedBy=sockets.target
740 EOF
741 # had this fail with 'Failed to connect to bus: No such file or directory'
742 # then when I tried it manually, it worked fine...
743 if ! systemctl --user daemon-reload; then
744 sleep 2
745 echo retrying systemd user daemon reload
746 systemctl --user daemon-reload
747 fi
748 ;;&
749 *)
750 # taken from arch wiki.
751 s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
752 [Unit]
753 Description=Synergy Client
754 After=network.target
755
756 [Service]
757 User=%i
758 ExecStart=/usr/bin/synergyc --no-daemon frodo
759 Restart=on-failure
760 # per man systemd.unit, StartLimitInterval, by default we
761 # restart more than 5 times in 10 seconds.
762 # And this param defaults too 200 miliseconds.
763 RestartSec=3s
764
765 [Install]
766 WantedBy=multi-user.target
767 EOF
768 s systemctl daemon-reload
769 case $HOSTNAME in
770 x2|treetowl)
771 ser enable synergyc@ian
772 ser start synergyc@ian ||: # X might not be running yet
773 ;;
774 frodo)
775 systemctl --user start synergys ||:
776 systemctl --user enable synergys
777 ;;
778 esac
779 ;;
780 esac
781
782
783 ######### end misc packages #########
784
785
786 # packages I once used before and liked, but don't want installed now for
787 # various reasons:
788 # python-sqlite is used for offlineimap
789 # lxappearance python-sqlite dolphin paman dconf-editor
790
791
792
793 ######## unfinished
794
795 # todo, finish configuring smart.
796
797 pi smartmontools
798 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
799 # turn on smart. background on options:
800 # first line, -a = test everyting on all devices.
801 # -S on, turn on disk internal saving of vendor specific info,
802 # from google, seems like this is usually already on and fairly standard.
803 # -o on, turn on 4 hour period non-performance degrading testing.
804 # short test daily 2-3am, extended tests Saturdays between 3-4am:
805 sched="-s (S/../.././02|L/../../6/03)"
806 s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
807 DEVICESCAN -a -o on -S on -n standby,q $sched \
808 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
809
810 # in the default configuration of at least ubuntu 14.04, resolvconf is
811 # configured to order any nameservers associated with tun* or tap*
812 # before the normal internet interfaces, which means they are always
813 # consulted first. This is often slower and undesirable, ie. local dns
814 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
815 # can do:
816 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
817 # however, this breaks dns lookup for hosts on the openvpn lan.
818 # I can\'t figure out why hosts on the normal lan would not be
819 # broken under the default ordering, except the host I was
820 # testing with previously had an entry in /etc/hosts.
821
822 ############# end unfinished
823
824 ########### misc stuff
825
826
827 s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
828 # all things found from looking around the default config
829 # copied existing NCSA Combined Log Format with Virtual Host, plus %L
830 log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
831 time-format %H:%M:%S
832 date-format %d/%b/%Y
833 log-file /var/log/apache2/access.log
834 color-scheme 2
835
836 # tip: copy access.log files to a stretch host directory, then run
837 # jessie's goaccess is too old for some options, and it's
838 # not easily installed from a testing.
839 # goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
840 EOF
841
842
843 if [[ $HOSTNAME == treetowl ]] && ! sudo test -e /etc/openvpn/client.key; then
844 /a/bin/vpn-setup/vpn-mk-client-cert dopub
845 fi
846
847
848 case $distro in
849 debian|ubuntu)
850 case `debian-archive` in
851 stable)
852 s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
853 Explanation: Allow unison-gtk to be upgraded
854 Package: unison-gtk
855 Pin: release a=unstable
856 Pin-Priority: 500
857 EOF
858 # dont think using testing is needed since I figured out how to
859 # deal with mismatching unison compilers, but I dont
860 # see any reason to revert it, since it only installs
861 # a single package which is primarily a single binary
862 ;;
863 esac
864 pi unison/testing
865 pi unison-gtk/testing # after to make it the default unison
866 ;;
867 arch)
868 pi unison gtk2
869 ;;
870 esac
871
872 case $distro in
873 arch)
874 # default is alsa, doesn\'t work with with pianobar
875 s dd of=/etc/libao.conf <<'EOF'
876 default_driver=pulse
877 EOF
878 ;;
879 esac
880
881 # not using it atm, and for jessie, it depends on a higher version of btrfs-tools
882 # case $distro in
883 # arch|debian|ubuntu) pi btrbk ;;
884 # # others unknown
885 # esac
886
887 if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
888 # fail2 ban is broken, with a workaround, per
889 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
890 # ill wait a while to see if it gets fixed
891 pi fail2ban
892 sgo fail2ban
893 fi
894
895
896
897
898
899 case $distro in
900 debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
901 esac
902
903 # tor
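case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates


  # todo on fedora: setup non-dev packages
  fedora)
    # gpgcheck=1 is only as trustworthy as the key it checks against, so the
    # gpgkey URLs are fetched over https instead of plain http. The baseurl
    # lines are unchanged: packages from them are still signature-checked.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint. An 8-hex-digit short id is not
    # unique, so a keyserver lookup by short id can return unrelated keys
    # that share it.
    gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    # Exporting by full fingerprint ensures only that exact key reaches apt.
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac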
954
955 # nfs server
956 case $distro in
957 fedora)
958 end_msg <<'EOF'
959 fedora todo: disable the firewall or find a way to automate it.
960 there's an unused section in t.org for tramikssion firewall setup
961
962 fedora manual config for nfs:
963 s firewall-config
964 change to permanent configuration
965 check the box for nfs
966 was hard to figure this out, not sure if this is all needed, but
967 unblock these too
968 mountd: udp/tcp 20048
969 portmapper, in firewall-config its called rpc-bind: udp/tcp 111
970 troubleshooting, unblock things in rpcinfo -p
971 make sure to reload the firewall to load the persistent configuration
972
973
974 EOF
975 pi nfs-utils
976 sgo nfs-server
977 ;;
978 debian|ubuntu)
979 pi nfs-server
980 ;;
981 arch)
982 pi nfs-utils || pending_reboot=true
983 sgo rpcbind
984 # this failed until I rebooted
985 sgo nfs-server
986 ;;
987 esac
988
# NFS export of /k, treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  # Export options:
  #   nohide - export filesystems mounted deeper than the export point
  #   fsid=0 - makes this export the "root" export. Not documented in the
  #            man page, but this means
  #            1. it can be mounted with a shorthand of server:/
  #            2. exports that are subdirectories of this one will
  #               automatically be mounted
  # NOTE(review): no_root_squash lets root on any client in 192.168.1.0/24
  # act as root on the exported files, and "insecure" accepts requests from
  # unprivileged source ports, so any local user on those clients can speak
  # NFS to this server. Together with rw, every host on the subnet has to be
  # fully trusted. Dropping no_root_squash and insecure, or narrowing the
  # client list, reduces that exposure.
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
  s exportfs -rav
fi
1000
1001
1002 e "$end_msg_var"
1003
1004
1005 # persistent virtual machines
1006
1007 case $distro in
1008 debian|ubuntu)
1009 pi libosinfo-bin;
1010 ;;
1011 esac
1012
1013 # distro may not know about win 10 yet.
1014 variant=win7
1015 if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
1016 for v in 10 8.1 8; do
1017 if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
1018 variant=win$v
1019 break
1020 fi
1021 done
1022 fi
1023
# Define the persistent windows vms, unless a domain named win10 already exists.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.

  # NOTE(review): listen=0.0.0.0 exposes the SPICE console on every host
  # interface, and no password or TLS option is set on this command line.
  # With automatic login enabled in the guest (see above), anyone who can
  # reach the port gets an interactive desktop. Prefer listen=127.0.0.1 with
  # an ssh tunnel, or set a SPICE password.
  s virt-install \
    --noautoconsole \
    --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win10.qcow2,bus=virtio \
    --vcpus 2 \
    -r 4096 \
    -w bridge=br0 \
    -n win10 \
    --import \
    --os-variant "$variant" \
    --cpu host-model-only

  s virsh destroy win10

  # this one hasn't had the virtio fix done yet.
  # had a problem with --cpu host, so trying out
  # --cpu host-model-only
  s virt-install \
    --noautoconsole \
    --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win7.qcow2 \
    --vcpus 2 \
    -r 4096 \
    -w bridge=br0 \
    -n win7 \
    --import \
    --os-variant win7 \
    --cpu host-model-only
  s virsh destroy win7

fi
1064
1065
# Samba server with one guest-accessible share, treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  # note samba re-reads its config every 1 minute
  case $distro in
    arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
  esac

  # Drop any existing "encrypt passwords" / "map to guest" lines, then add
  # both back as 2 lines after the workgroup option.
  s sed -ri --follow-symlinks \
    -e '/^\s*encrypt passwords\s*=/d' \
    -e '/^\s*map to guest\s*=/d' \
    /etc/samba/smb.conf
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
  # remove default homes section. not sharing that.
  # NOTE(review): the range ends at the next line containing "[", and that
  # line is deleted as well. It looks like this can remove the following
  # section's header too; check the resulting file.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf

  # NOTE(review): "map to guest = bad password" turns a failed login into a
  # guest session, and [public] is guest-writable, so anything that can reach
  # this server over SMB can read and modify /kr without credentials. Confirm
  # the service is only reachable from the trusted lan.
  if ! grep -qxF '[public]' /etc/samba/smb.conf 2>/dev/null; then
    s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  case $distro in
    debian|ubuntu)
      # systemd claims it generates units from /etc/init.d, but it
      # clearly doesn't in debian. I have no idea how they are
      # related. fuck debian right now. It's not documented. samba
      # has a systemd init file linked to /dev/null. There's this
      # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
      # claims samba's sub-services will be started automatically by
      # systemd... it didn't on install, wonder if it will on
      # boot. It clued me in how to start it manually though. Nothing
      # in /usr/share/doc/samba, debian admin guide says nothing about
      # any of this. (this is in debian testing as of 4/2016).

      s /etc/init.d/samba start
      ;;
    arch)
      sgo samba
      ;;
  esac
fi
1109
1110 tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
1111
1112
1113
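# Mount the top-level btrfs subvolume (subvolid=0) of the root filesystem at
# /mnt/root, and of the filesystem backing /i at /mnt/iroot when that is a
# different device.
rootdev=$(mount | sed -rn 's#^(\S+) on / .*#\1#p')
# -p so a second run does not fail on the already existing directory; the
# mountpoint check below shows this section is meant to be re-runnable.
s mkdir -p /mnt/root
tu /etc/fstab <<< "$rootdev /mnt/root btrfs noatime,subvolid=0 0 0"
mountpoint /mnt/root || s mount /mnt/root
idev=$(mount | sed -rn 's#^(\S+) on /i .*#\1#p')
# Skip when nothing is mounted on /i: an empty idev would otherwise put an
# fstab line with no device into /etc/fstab. The right-hand side is quoted so
# the device path is compared literally, not as a glob pattern.
if [[ -n $idev && $idev != "$rootdev" ]]; then
  s mkdir -p /mnt/iroot
  tu /etc/fstab <<< "$idev /mnt/iroot btrfs noatime,subvolid=0 0 0"
  mountpoint /mnt/iroot || s mount /mnt/iroot
fi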
1124
1125
1126 ######### begin stuff belonging at the end ##########
1127
1128
1129 # Apps we want to override others for default file handler:
1130 # simplest way in debian is to just install them last.
1131 simple_packages+=(
1132 mpv
1133 )
1134
1135 case $distro in
1136 ubuntu|debian)
1137 spa spacefm-gtk3 ;;
1138 arch)
1139 spa spacefm ;;
1140 esac
1141
1142
1143 pi "${simple_packages[@]}"
1144
1145
1146 if $pending_reboot; then
1147 echo "$0: pending reboot and then finished. doing it now."
1148 s reboot now
1149 else
1150 echo "$0: $(date): ending now)"
1151 fi